The vulnerability is caused due to an error in the SACK (Selective ACKnowledgement) handling and may result in an infinite loop when not enough memory is available to handle an incoming SACK. This can be exploited by opening up a TCP connection to a vulnerable system and sending a specially crafted series of TCP packets.
Link: Secunia
